Spoiler is a non-Spectre attack that affects all Intel chips and cannot be fixed with software mitigation

Spoiler, unlike Spectre, affects the memory subsystem of chips designed by Intel.

Spectre and Meltdown were disclosed in January last year as two high-level vulnerabilities affecting all processors dating back at least two decades. Now, researchers have discovered a new flaw that affects all Intel chips relying on speculative execution to improve performance. The new vulnerability, called Spoiler, also exploits speculative execution in Intel chips to reveal data that is not normally available without a higher privilege level. Unlike Spectre and Meltdown, Spoiler targets a different part of the processor called the Memory Order Buffer.

The Memory Order Buffer on a processor is used to manage memory operations and is tightly integrated with the cache. The attack is described in a new paper titled ‘Spoiler: Speculative load hazards boost Rowhammer and cache attacks’ by researchers from Worcester Polytechnic Institute, Massachusetts and the University of Lübeck in northern Germany. The paper, released this month, was first spotted by The Register; it explains how Spoiler is not another Spectre attack and why the mitigation Intel introduced last year won’t be able to prevent it.

“The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem, which directly leaks timing behavior due to physical address conflicts. Existing Spectre mitigation would therefore not interfere with Spoiler,” the researchers write in the paper.

They note that Spoiler only affects processors designed by Intel, and that the same weakness cannot be exploited to break into ARM or AMD processors. Spoiler, according to the researchers, depends on “a novel microarchitectural leakage, which reveals critical information about physical page mappings to user space processes. The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS, and also works from within virtual machines and sandboxed environments.”

Spoiler reportedly improves Rowhammer attacks and cache attacks, which rely on reverse-engineering the virtual-to-physical address mapping. The researchers show that the leakage can be exploited using Spoiler to speed up the reverse-engineering process by a factor of 256. It is also capable of speeding up JavaScript attacks in the browser. Intel reportedly confirmed receipt of these findings on December 1, 2018, and the researchers note that software mitigation won’t fully address the problem, while hardware mitigation would come at a cost to CPU performance.

In the case of JavaScript-based Spoiler attacks via a website, a browser could mitigate the problem by removing accurate timers. Daniel (Ahmad) Moghimi, one of the authors of the Spoiler paper, told The Register that he doubts Intel will be able to issue a patch for the issue affecting the memory subsystem in the next five years.

BGR is a leading online destination for news and commentary focused on the mobile and general consumer electronics markets. It is America’s number one source of exclusive and breaking mobile news, and a technology category leader among early adopters, savvy technophiles and casual readers alike.